GHSA-j835-6ff4-p3mc
GitHub Security Advisory
⚠ Unreviewed
CRITICAL
Has CVE
Advisory Details
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is {{none}} by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3
Related CVEs
Key Information
9.0
/10
Dataset
Last updated: September 14, 2025 6:31 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.